I would like to request that two-factor authentication (2FA) be implemented on the Netlify platform. To be specific, I’d like to request time-based one-time passwords (TOTP) through an application like Google Authenticator as well as U2F hardware tokens such as YubiKey and similar. 2FA through SMS is no longer considered a secure form of 2FA.

Netlify has control of some seriously important things, so protecting your account should require more than a standard password.

Please let me know what you think and if it is already in the roadmap.

We’ve got it in our feature request list to add that if you’re signing up to Netlify with the email/password combo.

For now, though, we recommend that if you need 2FA then sign up to Netlify with your google or github account and enable hardware specific-2FA on those instead, and that’ll grant you the equivalent level of protection.

@nraboy I’m with you, but I figured I’ve already authorised Netlify with GitHub and GitHub has u2f, so I deleted my Netlify account and re-signed up using my GitHub account. Note that you can change you email Netlify address having done that.